KUALA LUMPUR: Bank Negara Malaysia (BNM) has imposed an administrative monetary penalty (AMP) of RM1 million on Bank Kerjasama Rakyat Malaysia Bhd (Bank Rakyat) for cybersecurity and customer information protection breaches on Jan 20, 2026.

The central bank said Bank Rakyat failed to implement robust cybersecurity standards as required under the risk management in technology policy document (RMiT PD).

It said Bank Rakyat also failed to safeguard customer information through adequate controls as required under the management of customer information and permitted disclosures policy document (MCIPD PD).

"BNM discovered that Bank Rakyat had breached several requirements under the RMiT PD and MCIPD PD following a cybersecurity incident in which an external threat actor gained unauthorised access to its information technology (IT) infrastructure.

"These breaches were attributed to inadequate cybersecurity controls and incident response,” it said on its website.

BNM said Bank Rakyat has taken remedial measures to strengthen its cybersecurity and information and communication technology (ICT) controls, resources and governance arrangements.